Paper Info
Title
A Conditional Probability Computation Method for Vulnerability Exploitation Based on CVSS
Abstract
Computing the probability of vulnerability exploitation in Bayesian attack graphs (BAGs) is a key process for the network security assessment. The conditional probability of vulnerability exploitation could be obtained from the exploitability of the NIST's Common Vulnerability Scoring System (CVSS). However, the method which N. Poolsappasit et al. proposed for computing conditional probability could be used only in the CVSS metric version v2.0, and can't be used in other two versions. In this paper, we present two methods for computing the conditional probability based on CVSS's other two metric versions, version 1.0 and version 3.0, respectively. Based on the CVSS, the conditional probability computation of vulnerability exploitation is complete by combining the method of N. Poolsappasit et al.
Year
DOI
Venue
2017
10.1109/DSC.2017.33
2017 IEEE Second International Conference on Data Science in Cyberspace (DSC)
Keywords
Field
DocType
vulerability exploitation,conditional probability,CVSS
Data mining,CVSS,Authentication,Conditional probability,Computer science,Network security,Theoretical computer science,NIST,Computation,Vulnerability,Bayesian probability
Conference
ISBN
Citations 
PageRank 
978-1-5386-1601-7
0
0.34
References 
Authors
4
4
Name
Order
Citations
PageRank
hua zhang11111.96
Fang Lou2173.07
Yunsheng Fu3272.99
Zhi-Hong Tian431252.75